- From: Clemm, Geoff <gclemm@rational.com>
- Date: Mon, 8 Jul 2002 16:11:15 -0400
- To: w3c-dist-auth@w3.org
I agree that an UNLOCK on a resource not locked by the specified lock token MUST fail. Cheers, Geoff -----Original Message----- From: Jason Crawford [mailto:ccjason@us.ibm.com] Sent: Monday, July 08, 2002 3:10 PM To: Julian Reschke Cc: w3c-dist-auth@w3.org Subject: Issue: UNLOCK_WHAT_URL I've changed the issue name to the one on the issue list that seems more appropriate. See new Subject: line. > So do we have agreement that *any* of the URIs affected by a deep lock can > be used to do the UNLOCK operation? The other question of that issue is... do we agree that if you request an UNLOCK on a resource that is not locked by that lock, that the request should fail? I believe in previous discussions it was suggested that we should not allow one to specify a URL other than one that is locked by the lock. The reasoning was that in a virtual website where the URI space might be partitioned and delegated across several machines (perhaps using intermachine BIND requests), it might be burdensome for all machines of the virtual website to be familiar with all locks. Anyway, regardless of folks believing this, I'd like to confirm that UNLOCK requests specifying a request URI of an unlocked resource should be rejected. Opinions? J. ------------------------------------------ Phone: 914-784-7569, ccjason@us.ibm.com "Julian Reschke" <julian.reschke@gmx.de> "Julian Reschke" <julian.reschke@gmx.de> Sent by: w3c-dist-auth-request@w3.org 07/08/2002 07:24 AM To: <w3c-dist-auth@w3.org> cc: Subject: RE: root of a lock, was HOW_TO_IDENTIFY_LOCK_OWNER > To: Daniel Brotsky <dbrotsky@adobe.com> > Cc: "Clemm, Geoff" <gclemm@Rational.Com>, w3c-dist-auth@w3c.org > Message-ID: <OF7C4220CB.830F87EE-ON85256B41.006F0EFA@pok.ibm.com> > From: "Jason Crawford" <ccjason@us.ibm.com> > Date: Mon, 14 Jan 2002 15:19:50 -0500 > Subject: RE: root of a lock, was HOW_TO_IDENTIFY_LOCK_OWNER > > > > In addition to Geoff's answer: > > If you are an administrator trying to unlock a resource obtained by > > someone else, you have to be able to figure out which resource to > > unlock. You can't unlock an internal member of a collection that's > > locked by a depth-inifinity lock without knowing which collection was > > actually locked. > > CAN'T? (going back to an old discussion...) RFC2518, 8.11 says [1]: "The UNLOCK method removes the lock identified by the lock token in the Lock-Token request header from the Request-URI, and all other resources included in the lock. If all resources which have been locked under the submitted lock token can not be unlocked then the UNLOCK request MUST fail. " So do we have agreement that *any* of the URIs affected by a deep lock can be used to do the UNLOCK operation? [1] <http://greenbytes.de/tech/webdav/rfc2518.html#METHOD_UNLOCK>
Received on Monday, 8 July 2002 16:11:47 UTC